Closed Bug 1170927 Opened 10 years ago Closed 10 years ago

bzlite should be hosted on a strong HTTPS setup

Categories

(Firefox OS Graveyard :: General, defect)

Product:
Firefox OS Graveyard
Component:
General
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(blocking-b2g:2.5?)

Status:
RESOLVED DUPLICATE of bug 1150824
Project Flags:
blocking-b2g 2.5?

People

(Reporter: freddy, Assigned: daleharvey)

Details

Hey Dale, I just took a quick look at bzlite and it seems it's using HTTP and does not allow HTTPS at all. Let's try to figure out how we can get this hosted on a strong HTTPS setup. I suppose folks from opsec (CCd) can help you with that as well. Considering that most first dogfooders will have interesting bugzilla credentials (e.g. security permissions), we shouldn't let their login flow go over bzlite and HTTP. (Even though it already uses HTTPS when talking to Bugzilla).
[Blocking Requested - why for this release]:
blocking-b2g: --- → spark?
Yeh this is being working on 1150824, cheers
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Group: b2g-core-security
blocking-b2g: spark? → 2.5?
You need to log in before you can comment on or make changes to this bug.